CVE-2005-1824

Опубликовано: 02 июн. 2005

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks.

Ссылки

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=308031
Patch
Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200506-02.xml
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=308031
Patch
Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200506-02.xml

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gnu:mailutils:1.0.6.1.1:*:*:*:*:*:*:*

EPSS

Процентиль: 78%

0.01235

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2005-1824

ubuntu

больше 20 лет назад

The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks.

CVE-2005-1824

debian

больше 20 лет назад

The sql_escape_string function in auth/sql.c for the mailutils SQL aut ...

GHSA-w4pv-3mff-jpv9

github

больше 3 лет назад

EPSS

Процентиль: 78%

0.01235

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other